Microsoft Issues Security Patches for 25 Critical Vulnerabilities


Here we are again…

As part of its August Patch Tuesday, Microsoft has today released a large batch of 48 security updates for all supported versions Windows systems and other products.

This month’s security updates cover vulnerabilities in Microsoft’s Windows operating systems, Internet Explorer, Microsoft Edge, Microsoft SharePoint, Adobe Flash Player, Windows Hyper-V and Microsoft SQL Server.

The security updates address a range of issues including 25 critical, 21 rated important and two moderate in severity.

The most interesting and critical vulnerability of this month is Windows Search Remote Code Execution Vulnerability (CVE-2017-8620), affects all versions of Windows 7 and Windows 10, which could be used as a wormable attack like the one used in WannaCry ransomware, as it utilises the SMBv1 connection.

An attacker could remotely exploit the vulnerability through an SMB connection to elevate privileges and take control of the targeted Windows computer.

“A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explains.

“In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.”

Microsoft also released a security update for the Adobe Flash Player for Internet Explorer, although the company would end its support for Flash at the end of 2020.

Users and IT administrators are strongly recommended to apply security patches as soon as possible to keep away hackers and cybercriminals from taking control over your computer.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Leave a Reply

Your email address will not be published. Required fields are marked *